SetWindowsHookEx API with WH_JOURNALRECORD. This API fails with access denied (Error 5).

Source: Internet  Editor: 程序博客网  Date: 2024/06/04 19:00

A while ago I came across a problem in which the SetWindowsHookEx API with WH_JOURNALRECORD was failing with Access denied on Windows Vista.

If you have the same problem you can do what I tried.

1)     Create and Embed an Application Manifest with Your Application.

o   In our case we would need a manifest with <requestedExecutionLevel level="requireAdministrator" uiAccess="true" />

2)     Authenticode Sign Your Application

You can follow the steps below to create a certificate and sign your application. You will need a commercial certificate if you wish your application to be trusted on the target computer of a customer installing your application. The following procedures are provided as examples and are not intended to be strictly followed. For example, replace the test certificate's name with your certificate's name and ensure that you tailor the procedures to map to your specific CA and development environment.

    i.     Open the Visual Studio Command Prompt. Navigate to the folder which has the executable. For example: I am using the sample application you have sent. You should keep that sample application in a trusted folder (Program Files).

    ii.    Generate the certificate:

           makecert -r -pe -ss PrivateCertStore -n "CN=MyCertificate.com(Test)" MyCertificate.cer

    iii.   Sign the code. Applying a timestamp while signing your application will ensure that the application will continue to run after the validity period of the original certificate.

           signtool sign /v /s PrivateCertStore /n MyCertificate.com(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll MyApplication.exe

    iv.    Install the certificate. To install the test certificate:

A.     Launch an elevated command window by right-clicking Command Prompt and selecting Run as administrator.

B.     In Command Prompt, type mmc.exe and press Enter.

C.     In the mmc, select File and then select Add/Remove Snap-in…

D.     In Add or Remove Snap-ins, select Certificates, click Add, and then click OK.

E.      In the Certificates snap-in dialog box, select Computer account and click Next.

F.      In Select Computer, select Local Computer, and then click OK.

G.    In Add or Remove Snap-ins, click OK.

H.     In the Certificates snap-in, navigate to Trusted Root Certificate Authorities, right-click Certificates, select All Tasks, and then select Import…

I.       In the Certificate Import Wizard, import the test certificate, ContosoTest.cer.

 

3)      Run your application from trusted folders.
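The three steps above can be checked before a build is shipped or when reviewing a binary that requests uiAccess. The following is an added example, not code from the original post; the function names, TRUSTED_ROOTS, the sample manifest and the signature_trusted flag (the result of a separate signature check) are assumptions made for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption: only the Program Files root named on this page counts as trusted.
TRUSTED_ROOTS = (r"C:\Program Files",)

# Constructed sample manifest carrying the element from step 1.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="true" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def execution_level(manifest_xml):
    """Return (level, uiAccess) from manifest text, or (None, False) if absent."""
    for el in ET.fromstring(manifest_xml).iter():
        # Match on the local name so the asm.v2 and asm.v3 namespaces both work.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            ui = el.get("uiAccess", "false").strip().lower() == "true"
            return el.get("level"), ui
    return None, False


def in_trusted_folder(exe_path, roots=TRUSTED_ROOTS):
    """True if the normalised Windows path lies below one of the roots."""
    path = ntpath.normcase(ntpath.normpath(exe_path))
    # The trailing separator stops "C:\Program Files Evil" matching by prefix.
    return any(path.startswith(ntpath.normcase(ntpath.normpath(r)) + "\\")
               for r in roots)


def unmet_prerequisites(manifest_xml, exe_path, signature_trusted):
    """Name the steps from this page that a build does not satisfy."""
    level, ui = execution_level(manifest_xml)
    unmet = []
    if level != "requireAdministrator" or not ui:
        unmet.append("manifest")
    if not signature_trusted:  # e.g. the result of a separate signature check
        unmet.append("signature")
    if not in_trusted_folder(exe_path):
        unmet.append("location")
    return unmet
```

An empty list means all three steps are satisfied; any other result names the step to revisit when the hook call still returns Error 5.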


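In other words: on Vista and Win7 you cannot use this directly to hook. This is related to UAC. UAC is short for User Account Control; anyone who knows English will see that User Account Control means control over user accounts, and we can configure it in Control Panel.

For the program to be able to install this hook, it must have a trusted certificate.

II: Generate the certificate.

III: Generate a signature and an expiry time for your program.

A, B, C add the certificate just generated through the console; you can also right-click the certificate and choose Install.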


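With UAC turned off, it behaves the same as on XP.

With UAC turned on, to use this mechanism, in short:

1. In the compile options, under manifest, select UAC Execution Level: requireAdministrator (require elevation) and UAC Bypass UI Protection: Yes (bypass UI protection)

2. Give the compiled EXE a valid digital signature (applying a self-made signature and then importing the root certificate has the same effect)

3. Put the signed EXE under the c:\program files\ directory (to bypass UI protection, Windows recognizes only this one directory)

Then you can use WH_JOURNALRECORD normally to journal-record mouse and keyboard input...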

 


